CVE-2024-21923
📋 TL;DR
AMD StoreMI software versions before 3.2.0.031 have incorrect default permissions that could allow a local attacker to escalate privileges. This affects Windows systems with AMD StoreMI installed, potentially enabling arbitrary code execution with elevated system privileges.
💻 Affected Systems
- AMD StoreMI
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains SYSTEM/root privileges and executes arbitrary code, potentially taking full control of the system.
Likely Case
Local user or malware with limited privileges escalates to administrative/system access to install persistent malware or access sensitive data.
If Mitigated
With proper access controls and monitoring, impact is limited to isolated systems with no critical data exposure.
🎯 Exploit Status
Requires local access to the system. Exploitation likely involves manipulating file permissions or service configurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.0.031 or later
Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4010.html
Restart Required: Yes
Instructions:
1. Download AMD StoreMI version 3.2.0.031 or later from the AMD website.
2. Run the installer.
3. Follow the on-screen instructions.
4. Restart the system when prompted.
🔧 Temporary Workarounds
Uninstall AMD StoreMI
Windows: Remove the vulnerable software entirely if it is not needed
Control Panel > Programs > Uninstall a program > Select AMD StoreMI > Uninstall
Restrict local access
All: Limit physical and remote access to affected systems
🧯 If You Can't Patch
- Isolate affected systems from critical network segments
- Implement strict local access controls and monitor for privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check AMD StoreMI version in Control Panel > Programs > Programs and Features. Versions before 3.2.0.031 are vulnerable.
Check Version:
wmic product where name='AMD StoreMI' get version
Verify Fix Applied:
Verify AMD StoreMI version shows 3.2.0.031 or later after update.
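The version check above can be scripted from the uninstall registry keys, which avoids the MSI consistency check that querying Win32_Product (what `wmic product` uses) triggers. The following PowerShell is an added example, not AMD's or this page's own script; it assumes the product registers the DisplayName 'AMD StoreMI' and an InstallLocation value, and because the page does not say which objects carry the incorrect permissions, auditing the install directory for write access granted to broad groups is an assumption as well.

```powershell
# Added example. Assumptions: DisplayName is 'AMD StoreMI' (from the page's wmic command),
# the uninstall key populates InstallLocation, and the install directory is worth auditing.
$FixedVersion = [version]'3.2.0.031'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users (locale-independent).
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
# Write-type rights only, plus GENERIC_WRITE and GENERIC_ALL as used in inherit-only ACEs.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

function Test-StoreMIVersion {
    param([string]$DisplayVersion)
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return 'Unknown' }
    if ($parsed -lt $FixedVersion) { return 'Vulnerable' }
    return 'Fixed'
}

function Get-BroadWriteAce {
    param([string]$Path)
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Translate identities to SIDs so the comparison does not depend on the OS language.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $isBroad = $BroadSids -contains $rule.IdentityReference.Value
            $canWrite = ([int]$rule.FileSystemRights -band $WriteMask) -ne 0
            if ($rule.AccessControlType -eq 'Allow' -and $isBroad -and $canWrite) {
                '{0} : {1} : {2}' -f $item.FullName, $rule.IdentityReference.Value, $rule.FileSystemRights
            }
        }
    }
}

$entries = @(Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq 'AMD StoreMI' })
if ($entries.Count -eq 0) { Write-Output 'AMD StoreMI not found in the uninstall registry keys.' }
foreach ($entry in $entries) {
    $dir = $entry.InstallLocation
    [pscustomobject]@{
        DisplayVersion = $entry.DisplayVersion
        Status         = Test-StoreMIVersion $entry.DisplayVersion
        InstallDir     = $dir
        BroadWriteAces = if ($dir -and (Test-Path -LiteralPath $dir)) { @(Get-BroadWriteAce -Path $dir) } else { @() }
    } | Format-List
}
```

A Status of Vulnerable means the installed version is below 3.2.0.031; any BroadWriteAces entries list paths that non-administrative groups can modify and should be reviewed after the update as well.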
📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events
- AMD StoreMI service manipulation attempts
- File permission changes in StoreMI directories
Network Indicators:
- None - local exploitation only
SIEM Query:
EventID=4688 AND ProcessName LIKE '%StoreMI%' AND (NewProcessName LIKE '%cmd%' OR NewProcessName LIKE '%powershell%')